Malware Log Analysis

Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
StartPowerShell:
# This snippet uses Sysinternals Sigcheck to check a file against VirusTotal (and upload it if unknown).
# The quoted path in the $psi.Arguments line below is the file to check; here it is the gamelan.py that the "Best Router Denmark" task runs. Change that path to check a different file.
# ---
# It displays the following: entropy, file hashes, catalog name & signing chain, VirusTotal scan results and a link to the report.
# It is also able to traverse symbolic links and directory junctions.
# ---
# NOTE: If the file is not already known to VirusTotal, it gets uploaded and the result will be available in a few minutes.
# You can look up the report by visiting the URL "https://www.virustotal.com/gui/file/<SHA256>"
$TempDir = [System.IO.Path]::GetTempPath()
$ZipPath = Join-Path $TempDir "SigcheckFRST.zip"
$ExtractPath = Join-Path $TempDir "SigcheckFRST"
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Sigcheck.zip" -OutFile $ZipPath -UseBasicParsing
if (Test-Path $ExtractPath) { Remove-Item $ExtractPath -Recurse -Force }
Expand-Archive -Path $ZipPath -DestinationPath $ExtractPath -Force
$SigcheckExe = Join-Path $ExtractPath "sigcheck.exe"
if (Test-Path $SigcheckExe) {
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName = $SigcheckExe
    $psi.Arguments = '-accepteula -a -h -i -m -l -vt -vs -nobanner "C:\Users\Kerim\AppData\Local\CD Projekt Red\Cyberpunk 2077\f645ce86f8e586882c75dfd7bb38b006\gamelan.py"'
    $psi.RedirectStandardOutput = $true
    $psi.StandardOutputEncoding = [System.Text.Encoding]::Unicode
    $psi.UseShellExecute = $false
    $psi.CreateNoWindow = $true
    $p = [System.Diagnostics.Process]::Start($psi)
    $output = $p.StandardOutput.ReadToEnd()
    $p.WaitForExit()
    Write-Output $output
} else {
    Write-Host "Error: Sigcheck does not exist"
}
Remove-Item $ZipPath -Force
EndPowerShell:
2026-05-15 02:54 - 2026-05-15 02:54 - 000000000 ____D C:\Users\Kerim\AppData\Local\Yandex
2026-05-15 02:53 - 2026-05-15 11:46 - 000000000 ____D C:\Users\Public\Documents\KeyShot Network Resources
2026-05-15 02:53 - 2026-05-15 02:53 - 000003500 _____ C:\WINDOWS\system32\Tasks\Best Router Denmark 97148-489-1001
2026-05-15 03:09 - 2026-05-15 03:09 - 000003402 _____ C:\WINDOWS\system32\Tasks\KeyShot Network Worker
2026-05-15 02:53 - 2026-05-15 02:53 - 000000000 ____D C:\Users\Kerim\ss.exe
2023-11-18 04:05 - 2023-11-18 04:05 - 000007550 _____ () C:\Users\Kerim\AppData\Local\94234667147
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
AlternateDataStreams: C:\WINDOWS\tracing:? [34]
FirewallRules: [TCP Query User{6F042511-B63A-4ECA-85AE-5D59D6C6AF19}C:\users\kerim\appdata\local\vortxengine\app-2.4.57\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.4.57\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{E8DF9CA1-44D6-488D-89E7-C2F444D2D1B3}C:\users\kerim\appdata\local\vortxengine\app-2.4.57\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.4.57\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{BD9D65FD-AC73-42F7-9618-F3C81320C54D}Z:\ai limit (2025)\ai limit\ai-limit.exe] => (Allow) Z:\ai limit (2025)\ai limit\ai-limit.exe => No File
FirewallRules: [UDP Query User{744C34BB-41E8-4B37-9CB6-F77699115269}Z:\ai limit (2025)\ai limit\ai-limit.exe] => (Allow) Z:\ai limit (2025)\ai limit\ai-limit.exe => No File
FirewallRules: [TCP Query User{357672C2-4555-424B-A80F-B7ADFFC25075}C:\users\kerim\appdata\local\vortxengine\app-2.5.0\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.0\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{DECD52A1-7704-4B36-A2E5-92B75F575F5B}C:\users\kerim\appdata\local\vortxengine\app-2.5.0\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.0\signal-x64\signalrgb.exe => No File
FirewallRules: [{18A29DB7-5568-40CC-8CBE-7A232D8FDFF9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{C625B969-0148-4F9B-AEED-6ADADA3C4B60}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{9825F002-FD03-46F7-BE3E-B70A73EA6E94}C:\users\kerim\appdata\local\vortxengine\app-2.5.6\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.5.6\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{85052308-4FE7-425A-A942-B389CEAC1D57}C:\users\kerim\appdata\local\vortxengine\app-2.5.6\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.5.6\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{6BB61CD5-AAB1-48A2-8EDE-C038AD0B4A84}C:\games\stellar blade\stellarblade\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\games\stellar blade\stellarblade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6AD49DFC-251A-460E-8A4E-A1047C0ABA21}C:\games\stellar blade\stellarblade\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\games\stellar blade\stellarblade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [{1F63BFA8-8C82-4F4C-B6E6-CBB82B48A0F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StellarBlade\SB.exe => No File
FirewallRules: [{0C562428-4891-4BC8-813D-1EAA7DC049D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StellarBlade\SB.exe => No File
FirewallRules: [TCP Query User{0BE3CDB2-6F07-4B69-8B33-F9DEC052F4F6}C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [UDP Query User{95C8734A-E8B3-460C-95E7-76B1AE2C3521}C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\stellarblade\sb\binaries\win64\sb-win64-shipping.exe => No File
FirewallRules: [TCP Query User{B8AF942D-6929-4C37-A6D7-489427959FBC}C:\program files\ea games\ea sports fc 25\fc25.exe] => (Allow) C:\program files\ea games\ea sports fc 25\fc25.exe => No File
FirewallRules: [UDP Query User{CD6C0BC5-952E-4ADC-A09C-A8A5AA9D19C1}C:\program files\ea games\ea sports fc 25\fc25.exe] => (Allow) C:\program files\ea games\ea sports fc 25\fc25.exe => No File
FirewallRules: [{55FAF1AA-AC90-4881-9D77-7D04945B306C}] => (Allow) C:\Program Files\EA Games\EA SPORTS FC 25\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [{3E8C69DF-C4B9-4FF9-A47E-06AEFDE147FF}] => (Allow) C:\Program Files\EA Games\EA SPORTS FC 25\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [TCP Query User{4C9DE929-3D1D-4D82-8E76-E5AB71897A09}Z:\mortal.sin\mortal.sin\game\mortal sin.exe] => (Allow) Z:\mortal.sin\mortal.sin\game\mortal sin.exe => No File
FirewallRules: [UDP Query User{9E845097-7553-469B-B02A-F20DE1374CD9}Z:\mortal.sin\mortal.sin\game\mortal sin.exe] => (Allow) Z:\mortal.sin\mortal.sin\game\mortal sin.exe => No File
FirewallRules: [TCP Query User{112270D7-73AF-4727-8952-17C1151C6AF3}C:\users\kerim\appdata\local\vortxengine\app-2.5.16\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.16\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{6044B2C5-838C-4921-9A0D-0B9C4F7763E7}C:\users\kerim\appdata\local\vortxengine\app-2.5.16\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.16\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{EF9D0AD3-C573-4B35-A47E-E9173E67A4FA}C:\users\kerim\appdata\local\vortxengine\app-2.5.17\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.17\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{2FACC300-6CE3-4F0E-B80F-A6F0B61F7966}C:\users\kerim\appdata\local\vortxengine\app-2.5.17\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.17\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{3FB28E3B-379E-4FF6-8720-37CC8952F3E4}Z:\silent hill f\shf\binaries\win64\shf-win64-shipping.exe] => (Allow) Z:\silent hill f\shf\binaries\win64\shf-win64-shipping.exe => No File
FirewallRules: [UDP Query User{5AD298A3-572E-426D-8189-9F59F8A9F1F9}Z:\silent hill f\shf\binaries\win64\shf-win64-shipping.exe] => (Allow) Z:\silent hill f\shf\binaries\win64\shf-win64-shipping.exe => No File
FirewallRules: [{E0DBF0D1-9551-4690-9E17-387080176A1E}] => (Allow) Z:\EA SPORTS FC 26\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [{7EBED5A4-67A8-4B98-9386-3511BCEAD43B}] => (Allow) Z:\EA SPORTS FC 26\EAAntiCheat.GameServiceLauncher.exe => No File
FirewallRules: [TCP Query User{E68D0DAD-5155-4E51-86A6-63189CD22552}Z:\ea sports fc 26\fc26_showcase.exe] => (Allow) Z:\ea sports fc 26\fc26_showcase.exe => No File
FirewallRules: [UDP Query User{37DAA40E-51F3-461A-AD7C-E37F396D7051}Z:\ea sports fc 26\fc26_showcase.exe] => (Allow) Z:\ea sports fc 26\fc26_showcase.exe => No File
FirewallRules: [TCP Query User{5DCAC429-5FF0-463E-8E57-CEFE4C176548}Z:\ea sports fc 26\fc26.exe] => (Allow) Z:\ea sports fc 26\fc26.exe => No File
FirewallRules: [UDP Query User{5DCED3F1-69EF-48DF-9F26-BF43C445AB21}Z:\ea sports fc 26\fc26.exe] => (Allow) Z:\ea sports fc 26\fc26.exe => No File
FirewallRules: [TCP Query User{EF4639EC-CBE4-4A9B-89E6-2A5A2BECB50D}C:\users\kerim\appdata\local\vortxengine\app-2.5.18\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.5.18\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{5E132A3F-3AD4-4ECB-A458-DAAF56D3AC9E}C:\users\kerim\appdata\local\vortxengine\app-2.5.18\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.5.18\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{673F5B35-E61B-4048-9850-FEBC336EA130}C:\users\kerim\appdata\local\vortxengine\app-2.5.19\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.19\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{1166DC22-80FF-4964-8299-980F14CB1159}C:\users\kerim\appdata\local\vortxengine\app-2.5.19\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.19\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{113BF408-3AE4-4CBC-84C9-85FAFB8D6D0F}Z:\duckov.v1.0.26\duckov.exe] => (Allow) Z:\duckov.v1.0.26\duckov.exe => No File
FirewallRules: [UDP Query User{B7085C98-6944-4164-88BD-21D9233D5789}Z:\duckov.v1.0.26\duckov.exe] => (Allow) Z:\duckov.v1.0.26\duckov.exe => No File
FirewallRules: [TCP Query User{0D7D33AA-393E-412F-AF5C-4010C3AD7A60}Z:\kingdom come - deliverance ii\bin\win64mastermastersteampgo\kingdomcome.exe] => (Allow) Z:\kingdom come - deliverance ii\bin\win64mastermastersteampgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{6C7D1643-110D-4FAB-82BA-DBD4929C36A2}Z:\kingdom come - deliverance ii\bin\win64mastermastersteampgo\kingdomcome.exe] => (Allow) Z:\kingdom come - deliverance ii\bin\win64mastermastersteampgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{A93D7103-6568-4776-A725-DA7DE072A106}C:\users\kerim\appdata\local\vortxengine\app-2.5.22\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.22\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{9B040B28-F86D-4F01-AB7B-B6F3E261274A}C:\users\kerim\appdata\local\vortxengine\app-2.5.22\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.22\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{821F5862-8388-448B-B1AA-B195F176AEE7}C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{2BEAC372-509B-4B1F-BBE3-B30D91EC578E}C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe => No File
FirewallRules: [{79E4D2DF-EB21-483C-AA46-507E41D39701}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duel Corp Playtest\Duel Corp Playtest\Duel Corp Playtest.exe => No File
FirewallRules: [{9B969A08-154A-4EA3-B9A6-0C9BE4903F42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duel Corp Playtest\Duel Corp Playtest\Duel Corp Playtest.exe => No File
FirewallRules: [TCP Query User{1B4B7871-7832-443D-9217-D251A35C3A98}C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{2AE8BA19-0977-47E9-B2EF-9D219B39D33B}C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.25\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{AF339ABF-FA8E-42BC-8085-9A5A0A2738BE}C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{47B38365-72A4-472A-94A6-0EB5ECF2973A}C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{08578386-CE53-49C2-BCA8-C35EAE84F82C}Z:\codevein2\codevein2\binaries\win64\codevein2-win64-shipping.exe] => (Allow) Z:\codevein2\codevein2\binaries\win64\codevein2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{0217FEE3-1FB4-40B1-8EB6-B834D045CFAE}Z:\codevein2\codevein2\binaries\win64\codevein2-win64-shipping.exe] => (Allow) Z:\codevein2\codevein2\binaries\win64\codevein2-win64-shipping.exe => No File
FirewallRules: [TCP Query User{FBA947B7-529F-4837-9983-61F6D9816C8D}C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{74F2507E-9B21-4FB8-8EC1-886A2FAC4A33}C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe] => (Allow) C:\users\kerim\appdata\local\vortxengine\app-2.5.28\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{7D17A206-691D-4733-8C7A-6F818D09A774}C:\users\kerim\appdata\local\vortxengine\app-2.5.39\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.39\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{F1F59FFA-D8F2-441C-AACD-BF49606E6562}C:\users\kerim\appdata\local\vortxengine\app-2.5.39\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.39\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{270B6C75-6AD8-480F-BF4A-CAD42AD2ABEA}C:\users\kerim\appdata\local\vortxengine\app-2.5.40\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.40\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{BDE44BE4-A8FB-48AF-9588-7306C2E03A97}C:\users\kerim\appdata\local\vortxengine\app-2.5.40\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.40\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{62F7A820-7EBD-4627-AA23-323FD240B562}C:\users\kerim\appdata\local\vortxengine\app-2.5.41\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.41\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{7A7D0FD3-C5B7-4DF8-B05D-104C035622E0}C:\users\kerim\appdata\local\vortxengine\app-2.5.41\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.41\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{AC687BA3-3E13-4132-A7A9-52740EBFDAEB}C:\users\kerim\appdata\local\vortxengine\app-2.5.45\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.45\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{E1A3B9FF-EBC8-4308-AF9C-5AF2C880C685}C:\users\kerim\appdata\local\vortxengine\app-2.5.45\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.45\signal-x64\signalrgb.exe => No File
FirewallRules: [TCP Query User{E19EB562-F288-4F78-9F5B-231FAC252481}C:\users\kerim\appdata\local\vortxengine\app-2.5.50\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.50\signal-x64\signalrgb.exe => No File
FirewallRules: [UDP Query User{55B7376A-400D-4C06-8E71-DE1D7D27DD0D}C:\users\kerim\appdata\local\vortxengine\app-2.5.50\signal-x64\signalrgb.exe] => (Block) C:\users\kerim\appdata\local\vortxengine\app-2.5.50\signal-x64\signalrgb.exe => No File
FirewallRules: [{57B2ABA4-08C3-4824-AFA0-318F2EEA8C99}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{BC55F306-A0C7-46B7-9259-1B1290F5A452}] => (Allow) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{BA53F0F0-ED00-45B5-9C04-0ED0C95CB289}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
FirewallRules: [{27A8DFD7-2FF0-4859-9AFE-EE1F8A7C71AE}] => (Block) C:\Program Files (x86)\Overwolf\0.296.3.3\OverwolfBrowser.exe => No File
HKU\S-1-5-21-2875166967-2186864596-3608615489-1001\...\Run: [com.todesktop.25020447d4kq915] => C:\Users\Kerim\AppData\Local\Programs\Perplexity\Perplexity.exe (No File)
Task: {6B156774-20EC-4DF5-825A-C5C943DB88E6} - \PCIeBus -> No File <==== ATTENTION
Task: {97FFFB31-70B5-42E6-BB2C-99A6DCFB4438} - \PCIeBusQueue -> No File <==== ATTENTION
Task: {51B2DFD9-9672-4E49-88DD-056B8E1E9A95} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled (No File)
Task: {0CA07051-9829-41C9-877C-9DE77A104580} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (No File)
Task: {F81DC336-82EB-42FA-AA18-2A3CFFAEA873} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {D598F621-3E88-4C11-9953-DE52B7828560} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {7D4435F7-4779-4E29-8845-7767445AD4BD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {FA724DCA-3C83-4D14-92E0-282EB38F5A6E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S3 EAAntiCheat; system32\drivers\eaanticheat.sys (No File)
2025-12-31 04:31 - 2025-12-31 04:31 - 000000048 ____R () C:\Users\Kerim\AppData\Local\44F9E894E743281FC2D2AA8B0636138F
2023-12-12 16:17 - 2023-12-12 16:17 - 000005534 _____ () C:\Users\Kerim\AppData\Local\92056688834
2023-02-21 23:52 - 2023-02-21 23:52 - 000006598 _____ () C:\Users\Kerim\AppData\Local\92580481036
2023-11-15 15:39 - 2023-11-15 15:39 - 000005358 _____ () C:\Users\Kerim\AppData\Local\92670232940
2023-11-19 04:10 - 2023-11-24 13:22 - 000005534 _____ () C:\Users\Kerim\AppData\Local\9941439427
HKU\S-1-5-21-2875166967-2186864596-3608615489-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2875166967-2186864596-3608615489-1001\...\Run: [KeyShot Network Worker] => C:\Users\Kerim\ss.exe\knworker.exe [2150768 2026-05-15] (KeyShot -> KeyShot) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {E61EF5AB-05EA-404C-8D41-58F572304A40} - System32\Tasks\Best Router Denmark 97148-489-1001 => C:\Users\Kerim\AppData\Local\CD Projekt Red\Cyberpunk 2077\f645ce86f8e586882c75dfd7bb38b006\pythonw.exe -> "C:\Users\Kerim\AppData\Local\CD Projekt Red\Cyberpunk 2077\f645ce86f8e586882c75dfd7bb38b006\gamelan.py" <==== ATTENTION
Task: {FB16C8B1-6D9E-4E3F-A396-4661AABA055A} - System32\Tasks\KeyShot Network Worker => C:\Users\Kerim\ss.exe\knworker.exe [2150768 2026-05-15] (KeyShot -> KeyShot) <==== ATTENTION
S3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2025-06-25] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
HKU\S-1-5-21-2875166967-2186864596-3608615489-1001\...\Policies\Explorer: [DisallowRun] 1
C:\Users\Kerim\AppData\Local\CD Projekt Red\Cyberpunk 2077\f645ce86f8e586882c75dfd7bb38b006
File: C:\WINDOWS\SYSTEM32\UpdatePolicyScenarioReliabilityAggregator.dll
IFEO\EOSnotify.exe: [Debugger] /
IFEO\InstallAgent.exe: [Debugger] /
IFEO\MoNotificationUx.exe: [Debugger] /
IFEO\MusNotification.exe: [Debugger] /
IFEO\MusNotificationUx.exe: [Debugger] /
IFEO\Windows10UpgraderApp.exe: [Debugger] /
IFEO\Windows10Upgrade.exe: [Debugger] /
IFEO\WaasMedicAgent.exe: [Debugger] /
IFEO\WaaSMedic.exe: [Debugger] /
IFEO\UpdateAssistant.exe: [Debugger] /
IFEO\UsoClient.exe: [Debugger] /
IFEO\SihClient.exe: [Debugger] /
IFEO\remsh.exe: [Debugger] /
StartPowerShell:
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection at level 4 - aggressively block unknowns and apply additional protection measures; alternatively use 2 for lower protection or 0 for the default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enable network protection (blocks outbound connections to low-reputation domains and IPs)
Set-MpPreference -EnableNetworkProtection Enabled
# Enable block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allow scanning of archive files, such as .zip and .cab, for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enable automatic scanning of USB & removable drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enable scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Check for signature updates before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Add 30 seconds to the default 10-second cloud check timeout
Set-MpPreference -CloudExtendedTimeout 30
# Enable automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enable script scanning
Set-MpPreference -DisableScriptScanning $false
# Disable automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enable scanning of mapped network drives during full scans
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enable scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enable blocking of malicious domains and IPs at DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Check for signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Automatically quarantine threats rated high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Update signatures
Update-MpSignature
EndPowerShell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says
# It will scan inside compressed archives, mail archives and NTFS alternate data streams, and use cloud requests
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
# Pick the scanner binary matching the OS bitness before waiting for it, so a 32-bit system does not wait forever for bin64
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
# Start the self-extractor silently into $extractPath and stop it once a2cmd.exe has been written; give up after 10 minutes instead of hanging FRST
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-Path $a2cmdPath) -and (Get-Date) -lt $deadline) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if (-not (Test-Path $a2cmdPath)) {
    Write-Output "Error: EEK extraction did not complete"
    exit
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add the argument /preinstalled after /clean
# If you would like to only scan with it, change the argument /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -UseBasicParsing
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
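The fixlist above removes two persistence chains (the "KeyShot Network Worker" Run entry and task running knworker.exe from C:\Users\Kerim\ss.exe\, and the "Best Router Denmark" task running pythonw.exe with gamelan.py from a folder dressed up as Cyberpunk 2077 data), the IFEO Debugger="/" entries that cripple Windows Update, the Explorer and WindowsUpdate policy restrictions, the per-user regfile handler override, the cpuz150 driver in Temp and the alternate data stream on C:\WINDOWS\tracing. After the fix and a reboot it is worth re-checking those exact locations without FRST. The script below is an added example for that check; it is not part of the fixlist and not something FRST or the original author supplied. It assumes the SID and the Kerim paths from the log above, the hypothetical function name Test-FixResiduals, an elevated PowerShell, and that Get-ScheduledTask is available (Windows 8 and later).

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the FRST fixlist): re-check, after the fix and a reboot,
# the persistence points the fixlist targets. SID and paths are taken from the log above.

$Sid = 'S-1-5-21-2875166967-2186864596-3608615489-1001'   # user hive from the log
$UserHive = "Registry::HKEY_USERS\$Sid"

function Test-FixResiduals {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. IFEO Debugger values. Any Debugger value on an update component (here "/")
    #    redirects that executable and silently breaks Windows Update.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings.Add("IFEO Debugger: $($key.PSChildName) -> $dbg") }
    }

    # 2. Policy values the fixlist removes, plus anything left under the WindowsUpdate policy key
    #    (FRST only reported "Restriction" there, so every remaining value is listed).
    $policyValues = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoWindowsUpdate' },
        @{ Path = "$UserHive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"; Name = 'DisallowRun' }
    )
    foreach ($pv in $policyValues) {
        $v = (Get-ItemProperty -Path $pv.Path -Name $pv.Name -ErrorAction SilentlyContinue).($pv.Name)
        if ($null -ne $v) { $findings.Add("Policy: $($pv.Path)\$($pv.Name) = $v") }
    }
    $wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    if (Test-Path -Path $wuPolicy) {
        $wuKey = Get-Item -Path $wuPolicy
        foreach ($name in $wuKey.GetValueNames()) {
            $findings.Add("WindowsUpdate policy: $name = $($wuKey.GetValue($name))")
        }
    }

    # 3. Per-user override of the .reg file handler (FRST flagged HKU\...\Classes\regfile).
    if (Test-Path -Path "$UserHive\Software\Classes\regfile") {
        $findings.Add("Per-user regfile class override still present")
    }

    # 4. Run keys and scheduled tasks whose command lives under a user profile or Temp,
    #    which is where both "KeyShot Network Worker" and "Best Router Denmark" ran from.
    $suspectPath = '(?i)\\Users\\|\\Temp\\'
    $runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 "$UserHive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
    foreach ($runKey in $runKeys) {
        if (-not (Test-Path -Path $runKey)) { continue }
        $item = Get-Item -Path $runKey
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if ($cmd -match $suspectPath) { $findings.Add("Run '$name': $cmd") }
        }
    }
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -match $suspectPath) { $findings.Add("Task '$($task.TaskName)': $cmd") }
        }
    }

    # 5. Files and folders the fixlist deletes, and the ADS FRST reported on C:\WINDOWS\tracing.
    #    (-Stream on a directory is not supported by every PowerShell version; errors are suppressed.)
    $paths = @(
        'C:\Users\Kerim\AppData\Local\CD Projekt Red\Cyberpunk 2077\f645ce86f8e586882c75dfd7bb38b006',
        'C:\Users\Kerim\ss.exe',
        'C:\Users\Public\Documents\KeyShot Network Resources',
        'C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys'
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $findings.Add("Still present: $p") }
    }
    Get-Item -LiteralPath 'C:\WINDOWS\tracing' -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS on C:\WINDOWS\tracing: '$($_.Stream)' ($($_.Length) bytes)") }

    # 6. Driver services the fixlist removes; a service key still registered means the fix did not complete.
    foreach ($svc in @('cpuz150', 'EAAntiCheat')) {
        if (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
            $findings.Add("Service key still present: $svc")
        }
    }

    return $findings
}

$result = Test-FixResiduals
if ($result.Count -eq 0) { 'No residual indicators found.' } else { $result }
```

Expect an empty result after a successful fix. The task and Run-key checks deliberately match on any command under \Users\ or \Temp\, so legitimate per-user software (the Perplexity Run entry from the log, for instance) will also appear; the point is to review every hit, not to treat the list as a verdict.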